Winter 50% Special Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 28285018

CISA Certified Information Systems Auditor Questions and Answers

Questions 4

A data center's physical access log system captures each visitor's identification document numbers along with the visitor's photo. Which of the following sampling methods would be MOST useful to an IS auditor conducting compliance testing for the effectiveness of the system?

Options:

A.

Haphazard sampling

B.

Attribute sampling

C.

Variable sampling

D.

Quota sampling

Buy Now
Questions 5

An IS auditor reviewing the use of encryption finds that the symmetric key is sent by an email message between the parties. Which of the following audit responses is correct in this situation?

Options:

A.

No audit finding is recorded as it is normal to distribute a key of this nature in this manner

B.

An audit finding is recorded as the key should be asymmetric and therefore changed

C.

No audit finding is recorded as the key can only be used once

D.

An audit finding is recorded as the key should be distributed in a secure manner

Buy Now
Questions 6

Which of the following is an IS auditor s GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?

Options:

A.

The organization may be more susceptible to cyber-attacks.

B.

The organization may not be in compliance with licensing agreement.

C.

System functionality may not meet business requirements.

D.

The system may have version control issues.

Buy Now
Questions 7

Which of the following is MOST important for the successful establishment of a security vulnerability

management program?

Options:

A.

A comprehensive asset inventory

B.

A tested incident response plan

C.

An approved patching policy

D.

A robust tabletop exercise plan

Buy Now
Questions 8

Which of the following is necessary for effective risk management in IT governance?

Options:

A.

Risk management strategy is approved by the audit committee

B.

Risk evaluation is embedded in management processes.

C.

Local managers are solely responsible for risk evaluation

D.

IT risk management is separate from corporate risk management

Buy Now
Questions 9

An application used at a financial services organization transmits confidential customer data to downstream applications using a batch process. Which of the following controls would protect this information?

Options:

A.

Header record with timestamp

B.

Record count

C.

Control file

D.

Secure File Transfer Protocol (SFTP)

Buy Now
Questions 10

When deciding whether a third party can be used in resolving a suspected security breach, which of the following should be the MOST important consideration for IT management?

Options:

A.

Third-party cost

B.

Incident priority rating

C.

Data sensitivity

D.

Audit approval

Buy Now
Questions 11

Which of the following must be in place before an IS auditor initiates audit follow-up activities?

Options:

A.

A heat map with the gaps and recommendations displayed in terms of risk

B.

Available resources for the activities included in the action plan

C.

Supporting evidence for the gaps and recommendations mentioned in the audit report

D.

A management response in the final report with a committed implementation date

Buy Now
Questions 12

Which of the following is MOST likely to be detected by an IS auditor applying data analytic techniques?

Options:

A.

Potentially fraudulent invoice payments originating within the accounts payable department

B.

Completion of inappropriate cross-border transmission of personally identifiable information (Pll)

C.

Unauthorized salary or benefit changes to the payroll system generated by authorized users

D.

Issues resulting from an unsecured application automatically uploading transactions to the general ledger

Buy Now
Questions 13

Which of the following presents the GREATEST concern when implementing data flow across borders?

Options:

A.

Equipment incompatibilities

B.

National privacy laws

C.

Political unrest

D.

Software piracy laws

Buy Now
Questions 14

Which of the following is the BEST solution to minimize risk from security flaws introduced by developers using open source libraries?

Options:

A.

Dynamic application security testing tools

B.

Security business impact analysis (BIA)

C.

Checks of dependencies between code libraries

D.

Technical documentation review policies

Buy Now
Questions 15

Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?

Options:

A.

Improving system performance

B.

Reducing hardware maintenance costs

C.

Minimizing business loss

D.

Compensating for the lack of contingency planning

Buy Now
Questions 16

Which of the following is an objective of data transfer controls?

Options:

A.

To ensure there are sufficient dedicated resources in place to facilitate data transfer

B.

To ensure receiving data fields have been configured according to the structure of the transmitted data

C.

To ensure the data is backed up on a regular basis

D.

To ensure access control lists are accurately and completely maintained

Buy Now
Questions 17

When developing metrics to measure the contribution of IT to the achievement of business goals, the MOST important consideration is that the metrics:

Options:

A.

are used by similar industries to measure the effect of IT on business strategy.

B.

measure the effectiveness of IT controls in the achievement of IT strategy.

C.

provide quantitative measurement of IT initiatives in relation with business targets,

D.

are expressed in terms of how IT risk impacts the achievement of business goals.

Buy Now
Questions 18

Which of the following is MOST influential when defining disaster recovery strategies?

Options:

A.

Annual loss expectancy

B.

Maximum tolerable downtime

C.

Data classification scheme

D.

Existing server redundancies

Buy Now
Questions 19

Which of the following is found in an audit charter?

Options:

A.

Audit objectives and scope

B.

Required training for audit staff

C.

The process of developing the annual audit plan

D.

The authority given to the audit function

Buy Now
Questions 20

Which of the following is the GREATEST benefit of utilizing data analytics?

Options:

A.

Improved communication with management due to more confidence with data results

B.

Better risk assessments due to the identification of anomalies and trends

C.

Higher-quality audit evidence due to more representative audit sampling

D.

Expedient audit planning due to early identification of problem areas and incomplete data

Buy Now
Questions 21

An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that

Options:

A.

security parameters are set in accordance with the organizations policies

B.

security parameters are set in accordance with the manufacturer's standards

C.

a detailed business case was formally approved prior to the purchase.

D.

the procurement project invited tenders from at least three different suppliers.

Buy Now
Questions 22

An IS auditor is reviewing the key payroll interface that collects wage rates from various business applications to process payroll. Which of the following is MOST likely to cause errors in payroll processing?

Options:

A.

User acceptance testing (UAT) has not been properly documented for all changes.

B.

Data conversion procedures did not include all business applications and interfaces.

C.

The payroll processing application does not follow a regularly scheduled patching cycle.

D.

Changes to the interface configuration settings were not adequately tested and approved.

Buy Now
Questions 23

In planning a major system development project, function point analysis would assist in:

Options:

A.

determining the business functions undertaken by a system or program.

B.

estimating the size of a system development task

C.

estimating the elapsed time of the project

D.

analyzing the functions undertaken by system users as an aid to job redesign

Buy Now
Questions 24

An organization s audit charter PRIMARILY:

Options:

A.

formally records the annual and quarterly audit plans

B.

documents the audit process and reporting standards

C.

describes the auditors' authority to conduct audits

D.

defines the auditors' code of conduct

Buy Now
Questions 25

Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization"?

Options:

A.

To comply with legal and regulatory requirements

B.

To provide options to individuals regarding use of their data

C.

To prevent confidential data loss

D.

To identify data at rest and data in transit for encryption

Buy Now
Questions 26

Which of the following is the BEST way to mitigate the risk associated with technology obsolescence?

Options:

A.

Invest in current technology

B.

Create a technology watch team that evaluates emerging trends.

C.

Make provisions In the budgets for potential upgrades.

D.

Create tactical and strategic IS plans

Buy Now
Questions 27

Which of the following provides an IS auditor with the BEST evidence that a system has been assessed for known exploits?

Options:

A.

Patch cycle report

B.

Vulnerability scanning report

C.

Black box testing report

D.

White box testing report

Buy Now
Questions 28

A large insurance company is about to replace a major financial application. Which of the following is the IS auditor's PRIMARY focus when conducting the pre-implementation review?

Options:

A.

Procedure updates

B.

Migration of data

C.

System manuals

D.

Unit testing

Buy Now
Questions 29

Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?

Options:

A.

It is difficult To enforce the security policy on personal devices

B.

It is difficult to maintain employee privacy.

C.

IT infrastructure costs will increase.

D.

Help desk employees will require additional training to support devices.

Buy Now
Questions 30

Which of the following is the PRIMARY reason for an organization's procurement processes to include an independent party who is not directly involved with business operations and related decision-making'?

Options:

A.

To ensure continuity of processes and procedures

B.

To optimize use of business team resources

C.

To avoid conflicts of interest

D.

To ensure favorable price negotiations

Buy Now
Questions 31

Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?

Options:

A.

Logs are being collected in a separate protected host.

B.

Access to configuration files is restricted.

C.

Insider attacks are being controlled.

D.

Automated alerts are being sent when a risk is detected.

Buy Now
Questions 32

During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?

Options:

A.

Built-in data error prevention application controls

B.

Industry standard business definitions

C.

Input from customers

D.

Validation of rules by the business

Buy Now
Questions 33

An IS audit manager has been asked to perform a quality review on an audit that the same manager also supervised. Which of the following is (he manager's BEST response to this situation?

Options:

A.

Discuss with the audit team to understand how conclusions were reached.

B.

Determine whether audit evidence supports audit conclusions.

C.

Escalate the situation to senior audit leadership.

D.

Notify the audit committee of the situation.

Buy Now
Questions 34

Which of the following should be included in emergency change control procedures?

Options:

A.

Use an emergency ID to move production programs into development.

B.

Request that the help desk make the changes.

C.

Update production source libraries to reflect changes.

D.

Obtain user management approval before implementing the changes.

Buy Now
Questions 35

During a post-implementation review, a step in determining whether a project met user requirements is to review the:

Options:

A.

completeness of user documentation.

B.

integrity of key calculations.

C.

effectiveness of user training.

D.

change requests initiated after go-live.

Buy Now
Questions 36

Which of the following is the GREATEST concern with conducting penetration testing on an internally developed application in the production environment?

Options:

A.

The testing could create application availability issues.

B.

The testing may identify only known operating system vulnerabilities.

C.

The issues identified during the testing may require significant remediation efforts.

D.

Internal security staff may not be qualified to conduct application penetration testing.

Buy Now
Questions 37

Which of the following issues identified during a postmortem analysis of the IT security incident response process should be of GREATEST concern?

Options:

A.

The incident response team did not initiate actions to limit the impact of the incident

B.

Incident response team members' contact details were not up to date.

C.

The root cause of the incident was not properly identified and documented

D.

The incident was caused by an attacker that exploited a zero-day vulnerability.

Buy Now
Questions 38

When reviewing an organization's data protection practices, an IS auditor should be MOST concerned with a lack of:

Options:

A.

a security team.

B.

data classification.

C.

training manuals.

D.

data encryption.

Buy Now
Questions 39

Which of the following MOST efficiently protects computer equipment against short-term reductions in electrical power?

Options:

A.

Surge protection devices

B.

Alternative power supplies

C.

Power line conditioners

D.

Generators

Buy Now
Questions 40

Which of the following should an IS auditor expect to see in a network vulnerability assessment?

Options:

A.

Misconfiguration and missing updates

B.

Malicious software and spyware

C.

Zero-day vulnerabilities

D.

Security design flaws

Buy Now
Questions 41

An IS auditor attempts to sample for variables in a population of items with wide differences in values but

determines that an unreasonably large number of sample items must be selected to produce the desired

confidence level. In this situation, which of the following is the BEST audit decision?

Options:

A.

Allow more time and test the required sample

B.

Select a judgmental sample

C.

Select a stratified sample

D.

Lower the desired confidence level

Buy Now
Questions 42

While conducting a review of project plans related to a new software development, an IS auditor finds the project initiation document (PID) is incomplete. What is the BEST way for the auditor to proceed?

Options:

A.

Meet with the project sponsor to discuss the incomplete document.

B.

Prepare a finding for the audit report.

C.

Inform audit management of possible risks associated with the deficiency.

D.

Escalate to the project steering committee.

Buy Now
Questions 43

Which of the following is the MAIN risk associated with adding a new system functionality during the development phase without following a project change management process?

Options:

A.

The new functionality may not meet requirements

B.

The added functionality has not been documented

C.

The project may go over budget.

D.

The project may fail to meet the established deadline

Buy Now
Questions 44

The FIRST course of action an investigator should take when a computer is being attacked is to:

Options:

A.

copy the contents of the hard drive.

B.

disconnect it from the network.

C.

terminate all active processes

D.

disconnect the power source.

Buy Now
Questions 45

Which of the following is the MOST effective control to ensure electronic records beyond their retention periods are deleted from IT systems?

Options:

A.

Build in system logic to trigger data deletion at predefined times.

B.

Perform a sample check of current data against the retention schedule.

C.

Review the record retention register regularly to initiate data deletion.

D.

Execute all data deletions at a predefined month during the year.

Buy Now
Questions 46

When developing a business continuity plan (BCP), which of the following should be performed FIRST?

Options:

A.

Classify operations.

B.

Conduct a business impact analysis (BIA)

C.

Develop business continuity training.

D.

Establish a disaster recovery plan (DRP)

Buy Now
Questions 47

An IS auditor finds the timeliness and depth of information regarding the organization's IT projects varies based on which project manager is assigned. Which of the following recommendations would be A MOST helpful in achieving predictable and repeatable project management processes?

Options:

A.

Alignment of project performance to pay incentives

B.

Adoption of business case and earned value templates

C.

Use of Gantt charts and work breakdown structures

D.

Measurement against defined and documented procedures

Buy Now
Questions 48

Which of the following is MOST influential when defining disaster recovery strategies?

Options:

A.

Annual loss expectancy

B.

Maximum tolerable downtime

C.

Data classification scheme

D.

Existing server redundancies

Buy Now
Questions 49

Which of the following findings should be of GREATEST concern to an IS auditor reviewing the effectiveness of an organization's problem management practices?

Options:

A.

Problem records are prioritized based on the impact of incidents

B.

Some incidents are closed without problem resolution.

C.

Root causes are not adequately identified

D.

Problems are frequently escalated to management for resolution

Buy Now
Questions 50

Which of the following is a directive control?

Options:

A.

Establishing an information security operations team

B.

Updating data loss prevention software

C.

Implementing an information security policy

D.

Configuring data encryption software

Buy Now
Questions 51

Which of the following human resources management practices BEST leads to the detection of fraudulent activity?

Options:

A.

Background checks

B.

Time reporting

C.

Employee code of ethics

D.

Mandatory time off

Buy Now
Questions 52

What is the MOST critical finding when reviewing an organization's information security management?

Options:

A.

No periodic assessments to identify threats and vulnerabilities

B.

No dedicated security officer

C.

No employee awareness training and education program

D.

No official charter for the information security management system

Buy Now
Questions 53

A post-implementation review of a development project concludes that several business requirements were not reflected in the software requirement specifications. Which of the following should an IS auditor recommend to reduce this problem in the future?

Options:

A.

Appoint a business unit representative.

B.

Write test cases from the user requirements.

C.

Trace the changes to requirements back to all affected products.

D.

Set up a configuration control board.

Buy Now
Questions 54

Which of the following is MOST important lo have in place for he continuous improvement of process maturity within a large IT support function?

Options:

A.

Performance metrics dashboard

B.

Control self-assessments (CSAs)

C.

Regular internal audits

D.

Project management

Buy Now
Questions 55

Which of the following would be MOST important to update once a decision has been made to outsource a critical application to a cloud service provider?

Options:

A.

IT budget

B.

Business impact analysis (BIA)

C.

IT resource plan

D.

Project portfolio

Buy Now
Questions 56

Which of the following BEST enables an IS auditor to detect incorrect exchange rates applied to outward remittance transactions at a financial institution?

Options:

A.

Developing computer-assisted audit techniques (CAATs) during transaction audits

B.

Performing sampling tests on transactions processed at the end of each day

C.

Running continuous auditing scripts at the end of each day

D.

Using supervised machine learning techniques to develop a regression model to predict incorrect input

Buy Now
Questions 57

A 5 year audit plan provides for general audits every year and application audits on alternating years. To achieve higher efficiency, the IS audit manager would MOST likely:

Options:

A.

Alternate between control self-assessment (CSA) and general audits every year.

B.

Have control self-assessments (CSAs) and formal audits of application on alternating years

C.

Implement risk assessment criteria to determine audit priorities

D.

Proceed with the plan and integrate all new applications

Buy Now
Questions 58

Which of the following findings should be of GREATEST concern to an IS auditor conducting a forensic analysis following incidents of suspicious activities on a server?

Options:

A.

Audit logs are not enabled on the server.

B.

The server is outside the domain.

C.

The server's operating system is outdated.

D.

Most suspicious activities were created by system IDs.

Buy Now
Questions 59

An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?

Options:

A.

Attend project progress meetings to monitor timely implementation of the application.

B.

Assist users in the design of proper acceptance-testing procedures.

C.

Follow up with project sponsor for project's budgets and actual costs.

D.

Review functional design to determine that appropriate controls are planned.

Buy Now
Questions 60

Which of the following BEST measures project progress?

Options:

A.

Earned-value analysis (EVA)

B.

Project plan

C.

SWOT analysis

D.

Gantt chart

Buy Now
Questions 61

Within the context of an IT-related governance framework, which type of organization would be considered MOST mature?

Options:

A.

An organization in which processes are repeatable and results periodically reviewed

B.

An organization m a state of dynamic growth with continuously updated policies and procedures

C.

An organization with established sets of documented standard processes

D.

An organization with processes systematically managed by continuous improvement

Buy Now
Questions 62

Which of the following physical controls will MOST effectively prevent breaches of computer room security?

Options:

A.

Photo IDs

B.

CCTV monitoring

C.

Retina scanner

D.

RFID badge

Buy Now
Questions 63

Which of the following implementation strategies for new applications presents the GREATEST risk during data conversion and migration from an old system to a new system?

Options:

A.

Pilot implementation

B.

Phased implementation

C.

Direct cutover

D.

Parallel simulation

Buy Now
Questions 64

The MOST important reason why an IT risk assessment should be updated on a regular basis is to:

Options:

A.

comply with risk management policies

B.

comply with data classification changes.

C.

react to changes in the IT environment.

D.

utilize IT resources in a cost-effective manner.

Buy Now
Questions 65

When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:

Options:

A.

Platform as a Service (PaaS).

B.

Software as a Service (SaaS).

C.

Infrastructure as a Service (laaS).

D.

Identity as a Service (IDaaS).

Buy Now
Questions 66

An IS auditor is reviewing a network diagram. Which of the following would be the BEST location for placement of a firewall?

Options:

A.

Between virtual local area networks (VLANs)

B.

At borders of network segments with different security levels

C.

Between each host and the local network switch/hub

D.

Inside the demilitarized zone (DMZ)

Buy Now
Questions 67

During which phase of the incident management life cycle should metrics such as "mean time to incident discovery" and "cost of recovery" be reported?

Options:

A.

Containment, analysis, tracking, and recovery

B.

Post-incident assessment

C.

Planning and preparation

D.

Detection, triage, and investigation

Buy Now
Questions 68

The PRIMARY reason to follow up on prior-year audit reports is to determine if

Options:

A.

prior-year recommendations have become irrelevant

B.

significant changes to the control environment have occurred

C.

identified control weaknesses have been addressed

D.

inherent risks have changed

Buy Now
Questions 69

An IS auditor is conducting a pre-implementation review to determine a new system's production readiness. The auditor's PRIMARY concern should be whether:

Options:

A.

benefits realization has been evidenced

B.

there are unresolved high-risk items

C.

the project adhered to the budget and target date.

D.

users were involved in the quality assurance (QA) testing.

Buy Now
Questions 70

An IS auditor finds that needed security patches cannot be applied to some of an organization's network devices due to compatibility issues. The organization has not budgeted sufficiently for security upgrades. Which of the following should the auditor recommend be done FIRST?

Options:

A.

Perform a risk analysis of the relevant security issues.

B.

Prioritize funding for next year's budget.

C.

Discuss adding compensating controls with the vendor.

D.

Implement stronger security patch management processes.

Buy Now
Questions 71

Which of the following is MOST important for an effective control self-assessment (CSA) program?

Options:

A.

Understanding the business process

B.

Performing detailed test procedures

C.

Evaluating changes to the risk environment

D.

Determining the scope of the assessment

Buy Now
Questions 72

When evaluating an IT organizational structure, which of the following is MOST important to ensure has been documented?

Options:

A.

Human resources (HR) policy on organizational changes

B.

Provisions for cross-training

C.

Succession and promotion plans

D.

Job functions and duties

Buy Now
Questions 73

An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation''

Options:

A.

Device registration

B.

An acceptable use policy

C.

Device baseline configurations

D.

An awareness program

Buy Now
Questions 74

Following the sale of a business division, employees will be transferred to a new organization, but they will retain access to IT equipment from the previous employer. An IS auditor has recommended that both organizations agree to and document an acceptable use policy for the equipment. What type of control has been recommended?

Options:

A.

Detective control

B.

Directive control

C.

Preventive control

D.

Corrective control

Buy Now
Questions 75

When performing a post-implementation review, the adequacy of the data conversion effort would BEST be evaluated by performing a thorough review of the:

Options:

A.

functional conversion rules

B.

go-live conversion results.

C.

conversion user acceptance testing (UAT) results.

D.

detailed conversion approach templates

Buy Now
Questions 76

Which of the following is the BEST way for an IS auditor to ensure the completeness of data collected for advanced analytics during an audit?

Options:

A.

Perform additional quality control steps after selecting the samples

B.

Review the query or parameters used to download the data before selecting samples

C.

Obtain access to the quality assurance (QA) system to independently download the information

D.

Request the data owner to verify and approve the information

Buy Now
Questions 77

Which of the following is a detective control that can be used to uncover unauthorized access to information systems?

Options:

A.

Requiring long and complex passwords for system access

B.

Implementing a security information and event management (SIEM) system

C.

Requiring internal audit to perform periodic reviews of system access logs

D.

Protecting access to the data center with multif actor authentication

Buy Now
Questions 78

Which of the following findings should be of GREATEST concern to an IS auditor reviewing system deployment tools for a critical enterprise application system?

Options:

A.

Change requests do not contain backout plans.

B.

There are no documented instructions for using the tool.

C.

Access to the tool is not approved by senior management.

D.

Access to the tool is not restricted.

Buy Now
Questions 79

Which of the following is the GREATEST risk associated with the lack of an effective data privacy program?

Options:

A.

Inability to obtain customer confidence

B.

Inability to manage access to private or sensitive data

C.

Failure to comply with data-related regulations

D.

Failure to prevent fraudulent transactions

Buy Now
Questions 80

Which of the following should be of MOST concern lo an IS auditor reviewing the public key infrastructure (PKI) for enterprise email?

Options:

A.

The certificate revocation list has not been updated.

B.

The private key certificate has not been updated.

C.

The PKI policy has not been updated within the last year.

D.

The certificate practice statement has not been published.

Buy Now
Questions 81

Which of the following is the BEST reason to utilize blockchain technology to record accounting transactions?

Options:

A.

Integrity of records

B.

Confidentiality of records

C.

Availability of records

D.

Distribution of records

Buy Now
Questions 82

An IS auditor wants to understand the collective effect of the preventive, detective, and corrective controls for a specific business process. Which of the following should the auditor focus on FIRST?

Options:

A.

The formal documentation of the process and how adherence is measured

B.

Whether the existence of preventive controls causes corrective controls to become unnecessary

C.

Whether segregation of duties is in place when two controls are applied simultaneously

D.

The various points in the process where controls are exercised

Buy Now
Questions 83

Which of the following would provide the BEST evidence of the effectiveness of mandated annual security awareness training?

Options:

A.

Number of security incidents

B.

Trending of social engineering test results

C.

Surveys completed by randomly selected employees

D.

Results of a third-party penetration test

Buy Now
Questions 84

Which of the following is the PRIMARY protocol for protecting outbound content from tampering and eavesdropping?

Options:

A.

Transport Layer Security (TLS)

B.

Secure Shell (SSH)

C.

Point-to-Point Protocol (PPP)

D.

Internet Key Exchange (IKE)

Buy Now
Questions 85

Which of the following sampling techniques is BEST to use when verifying the operating effectiveness of internal controls during an audit of transactions?

Options:

A.

Attribute sampling

B.

Statistical sampling

C.

Judgmental sampling

D.

Stop-or-go sampling

Buy Now
Exam Code: CISA
Exam Name: Certified Information Systems Auditor
Last Update: Apr 21, 2021
Questions: 572

PDF + Testing Engine

$124.5  $249

Testing Engine

$112.5  $225

PDF (Q&A)

$99.5  $199